RE: IE7 add-on

["Robert S. Slifkin" <rob () SLIFKIN NET>]

That does sound like a risk waiting to be exploited.  However, if you
log off of websites properly, that would greatly mitigate the risk.  


____________________________________
Robert S. Slifkin
Email: Rob () slifkin net
Phone: 203.962.3878

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of jason_jones98 () hotmail com
Sent: Thursday, February 07, 2008 9:34 AM
To: pen-test () securityfocus com
Subject: IE7 add-on

Hi.

I have just loaded the ie7 add-on 'open-last-tab', has anyone else had a
play with this? From initial results i have found this to be a great
'man-in-the-middle' attack tool.

Example on Bank site(no-names):

Log into your bank, open another tab within the window i.e. google.
Close the banking tab, hit Alt-X and the 'logged-in' banking window
re-opens. I have also attempted this on other applications and the
majority work. Can someone advise if M$ have provided us with a great
MITM plug-in tool? 


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------